Whistleblower Protection in the UAE: New developments and overview of the DFSA consultation paper

Given the region’s positioning as an economic hub, there is a great deal of attention being placed on economic security in the UAE. One aspect being highlighted is that of whistleblowing, whereby employees can play a pivotal role in highlighting wrongdoing within their firm. With the recent Dubai Financial Services Authority (DFSA) consultation paper, we can see that there is a move towards ensuring whistleblower protection in order to enhance confidence in markets and promote good corporate governance.

On 7 July 2021, the DFSA published consultation paper 141, which seeks comment on proposed changes to expand on whistleblowing measures applicable to DFSA Authorised firms, Designated Non-Financial Businesses and Professions (DNFBPs) and Registered Auditors operating within the Dubai International Financial Centre (DIFC). The DFSA itself expressed concern that the current DFSA administrated laws and rules are not, in its opinion, sufficient. The overall purpose of the proposed measures serves to further protect the whistleblower, with the DFSA noting that Article 64 of the DIFC Operating Law provides a higher degree of protection to whistleblowers than the DFSA currently has in place, and to ensure continuity across the above listed entities when reporting and recording misconduct. The consultation does not distinguish between branches and subsidiaries.

The proposed changes would update DFSA rulebooks (GEN, AUD, AMI, AML), the DFSA Regulatory Policy and Process Sourcebook (’RPP’) and DIFC Law No.1 of 2004. The wide reach of the proposed updates looks to ensure the aforementioned continuity, which in turn could bring comfort to any individual who needs to internally notify their firm or externally notify the DFSA of knowledge or suspicion of illegal activity.

In essence, the proposed updates can be read as seeking to tackle the lifecycle of whistleblowing, with the rulebooks covering the procedures a firm must have, the law update tackling any potential employer retribution that the whistleblower may fear and the sourcebook setting out possible regulatory action once a report is received. Let us look at each of these in turn.

If updated, the rulebooks would look to ensure that DFSA authorised firms, including DNFBPs, have in place a consistent level of consideration to whistleblowing policies and procedures. The GEN, AUD and AML rulebooks would give a definition of ‘regulatory concern’, thereby assisting an employee who may not be sure if they need to disclose an event they have become aware of, and of whistleblowing. They would also make clear that there needs to be written policies and procedures in place to facilitate a disclosure by a whistleblower and to detail the internal, and potentially external, process following the disclosure. In addition, there would need to be a detailed record maintained of all such reports and action taken following receipt, both in protecting the person and assessing whether to disclose the report to the DFSA. The DFSA encourages the whistleblower to report internally, however it also acknowledges that occasionally, reporting directly to the regulator may be more appropriate.

Notably, the rulebook update would require employers to put specific measures in place to protect a whistleblower, both during and after any action taken by, or against, the firm. An employee at any level of a firm could become aware of misconduct, and fear of retribution would understandably be a key concern ahead of whistleblowing. The proposed law update inserts an entire sub-article on the matter, making clear who it would be appropriate to make the disclosure to and what action cannot be taken against the whistleblower themselves, such as terminating their employment or raising a civil case, and stressing the possibility that a disclosure can be made anonymously. In addition, the law update reminds a potential whistleblower that they must have reasonable suspicion when considering making a disclosure, which serves two purposes of reassuring the person that they need not know specific laws that are being contravened or have witnessed the event themselves, but it also protects the firm with the inclusion of ‘reasonable’. The law would likewise require the disclosure to be made by the person in good faith, which would offer some protection to the firm against any potential false accusations made for nefarious reasons.

The proposed update to RPP comes in the penalty guidance section. An addition has been made to bring into consideration the treatment of the whistleblower when deciding on the penalty to levy against the firm. However, the interesting addition under financial penalties that could be imposed on an individual reminds us that if the whistleblower was actively involved in the contravention, they could still be fined, however the consideration is whether credit should be given to the individual when the penalty is being decided.

The above proposed updates would assist in removing a culture of fear around whistleblowing, whether that fear is being incorrect about an event being illegal, not knowing specifically what regulation has been breached, experiencing retribution from an employer, having to disclose your identity or being censured for active involvement in the breach. For the proposed updates to be effective, employers would need to remember that a whistleblower can work at any level of the company. Therefore, policies and procedures should be shared with all, supported by training for every employee on the procedure, potential outcomes of a disclosure and employee protections in place. 

The deadline to provide comments to the DFSA is 7 September 2021. The paper can be accessed on the DFSA website (dfsa.ae), with the link to provide feedback within the paper.

How can we help? 

Equiom Corporate Services (Middle East) Ltd can help with any compliance and AML training needed for your employees on the topic of whistleblowing or any compliance related matters. Our team consists of experienced compliance professionals who have assisted various firms / new applicants in the DIFC and ADGM with their regulatory licence applications, licence variation applications, drafting / reviewing / updating compliance and AML related policies and procedures, compliance and AML training, and compliance reviews.

Please contact Alistair Wellmann for further information.